[sudo-users] useradd/mod not allowing root group

Edilmar Alves - Lista edilista at fes.br
Thu Nov 18 17:54:55 EST 2004


Hi,

I put this rule for a user with some "power-admin" resources:
User_Alias      USERS = edilmar
Cmnd_Alias      USERMAN =       /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
USERS ALL = NOPASSWD: USERMAN
but the "edilmar" user can do this:
usermod -G root edilmar
or
usermod -G othergroup,root edilmar
I want to allow "edilmar" to use the "usermod" command to test this with 
many users, because this config is for students. But I don't want to 
allow him to become root.
Is there some rule to do this?
Something like:
Cmnd_Alias      USERMAN =       /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, !/usr/sbin/usermod ANYTHING_WITH_ROOT_IN_THE_STRING

I found this rule for passwd that does something like this:
Cmnd_Alias      PASSWD =        /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
but this is easier because passwd only has one parameter for the user 
name... and usermod may have the word root in many places.
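
An added example, not part of the original post: since matching the word root across usermod's many options is fragile, one alternative is an allowlist wrapper that sudoers would list in USERMAN in place of /usr/sbin/usermod. The wrapper name safe-usermod, the function name and the group names are assumptions made for illustration.

```shell
#!/bin/sh
# safe-usermod: hypothetical wrapper to list in sudoers instead of usermod.
# Only "[-a] -G group[,group...] user" is accepted, and every group must be
# on the allowlist below (constructed sample names).
ALLOWED_GROUPS="students lab1 lab2"

# Return 0 if the arguments are an allowed group change, 1 otherwise.
usermod_args_ok() {
    [ "${1:-}" = "-a" ] && shift
    # Exactly three words must remain: -G, the group list, the user name.
    [ "$#" -eq 3 ] && [ "$1" = "-G" ] || return 1
    groups=$2 user=$3

    # User name: plain account name, never root, never option-like.
    case $user in
        root|""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac

    # Group list: non-empty, no empty items, only name characters and commas.
    case $groups in
        ""|,*|*,|*,,*|*[!a-z0-9_,-]*) return 1 ;;
    esac

    # Every requested group must appear on the allowlist.
    old_ifs=$IFS; IFS=,
    set -- $groups
    IFS=$old_ifs
    for g in "$@"; do
        case " $ALLOWED_GROUPS " in
            *" $g "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# When invoked with arguments (as from sudo), validate and then run usermod.
if [ "$#" -gt 0 ]; then
    if usermod_args_ok "$@"; then
        exec /usr/sbin/usermod "$@"
    fi
    echo "safe-usermod: refused: $*" >&2
    exit 1
fi
```

Because the wrapper accepts one argument shape and a fixed set of groups, any other option or group is refused without having to be anticipated.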
